Update k8s version to 1.33 #12221

Merged
merged 6 commits into from
Apr 30, 2025

Conversation

vitorsavian
Member

@vitorsavian vitorsavian commented Apr 28, 2025

Proposed Changes

Update k8s version and components

Types of Changes

  • New Release

Verification

Testing

Linked Issues

User-Facing Change


Further Comments

This Draft/PR is to see how the changes behave with my forks, but afterwards I will change to the tags in the k3s forks

The scripts folder changes will not be added in the final PR, they are only for testing!

There is a version in the go.mod -> github.com/vitorsavian/cadvisor v0.52.0-k3s1 that is not the final version, I just messed up the tag, but the tag will be v0.52.1-k3s1


codecov bot commented Apr 28, 2025

Codecov Report

Attention: Patch coverage is 0% with 6 lines in your changes missing coverage. Please review.

Project coverage is 19.81%. Comparing base (eba91ff) to head (c174017).
Report is 1 commits behind head on master.

Files with missing lines     Patch %   Lines
pkg/cli/cert/cert.go         0.00%     3 Missing ⚠️
pkg/clientaccess/token.go    0.00%     1 Missing ⚠️
pkg/cluster/bootstrap.go     0.00%     1 Missing ⚠️
pkg/node/controller.go       0.00%     1 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (eba91ff) and HEAD (c174017). Click for more details.

HEAD has 1 upload less than BASE
Flag       BASE (eba91ff)   HEAD (c174017)
e2etests   1                0
Additional details and impacted files
@@             Coverage Diff             @@
##           master   #12221       +/-   ##
===========================================
- Coverage   40.36%   19.81%   -20.56%     
===========================================
  Files         187      184        -3     
  Lines       19211    19146       -65     
===========================================
- Hits         7755     3793     -3962     
- Misses      10273    14923     +4650     
+ Partials     1183      430      -753     
Flag Coverage Δ
e2etests ?
unittests 19.81% <0.00%> (ø)


scripts/download Outdated
esac

git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://${PKG_CONTAINERD_K3S/\/v*/} ${CONTAINERD_DIR}
git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/vitorsavian/containerd ${CONTAINERD_DIR}
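Review bot: the replacement git clone line pins the build to a personal fork (https://github.com/vitorsavian/containerd) instead of fixing the expansion it works around. On the removed line, ${PKG_CONTAINERD_K3S/\/v*/} deletes from the first "/v" in the module path to the end of the string, not only a trailing "/v2", so any owner or repository name that begins with "v" truncates the URL. Keep deriving the URL from PKG_CONTAINERD_K3S and anchor the strip at the end of the value, for example ${PKG_CONTAINERD_K3S%/v[0-9]}, so forks resolve without editing the script.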
Member

nit: you shouldn't have to change this when using a personal fork, as PKG_CONTAINERD_K3S is automatically set to whatever the replace entry in go.mod points at

Member Author

@vitorsavian vitorsavian Apr 28, 2025

This is a funny change, the https://${PKG_CONTAINERD_K3S/\/v*/} is intended to delete /v2 in k3s-io/containerd/v2, but for me it was deleting vitorsavian/containerd/v2 in github.com/vitorsavian/containerd/v2, so I was only getting https://github.com in the git clone

ps: it's the first time I had something like that related to my name lol
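
The substitution behaviour described in the comment above, beside a suffix-anchored alternative, as an added example that is not part of this PR or the k3s scripts. The function names are hypothetical, the module paths are the two quoted in the thread, and sed stands in for bash's ${var/\/v*/} (same leftmost, longest match) so the block also runs under POSIX sh.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical.

# Same leftmost, longest match as bash's ${pkg/\/v*/}: everything from the
# first "/v" to the end of the string is dropped.
legacy_strip() {
    printf '%s\n' "$1" | sed 's|/v.*||'
}

# Remove only a trailing Go major-version element (/v2 ... /v99).
strip_major_suffix() {
    case "$1" in
        */v[0-9] | */v[0-9][0-9]) printf '%s\n' "${1%/v*}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Build the clone URL, refusing anything that is not host/owner/repo so a
# truncated path fails the build instead of cloning from an unintended place.
clone_url() {
    repo=$(strip_major_suffix "$1")
    case "$repo" in
        ?*/?*/?*) printf 'https://%s\n' "$repo" ;;
        *) echo "refusing to clone: '$1' is not host/owner/repo" >&2
           return 1 ;;
    esac
}

# Demo over the two module paths mentioned in the thread.
for pkg in github.com/k3s-io/containerd/v2 \
           github.com/vitorsavian/containerd/v2; do
    printf '%-40s legacy=%s fixed=%s\n' "$pkg" \
        "$(legacy_strip "$pkg")" "$(clone_url "$pkg")"
done
```
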

@vitorsavian
Member Author

/trivy

Contributor


Report Summary

┌─────────────────────────────┬──────────┬─────────────────┬─────────┐
│           Target            │   Type   │ Vulnerabilities │ Secrets │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/cni                     │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/containerd-shim-runc-v2 │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/k3s                     │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/runc                    │ gobinary │        0        │    -    │
└─────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.60/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


bin/k3s (gobinary)
==================
Total: 0 (HIGH: 0, CRITICAL: 0)


Suppressed Vulnerabilities (Total: 2)
=====================================
┌─────────────────────┬────────────────┬──────────┬──────────────┬─────────────────────────────┬──────────────────────┐
│       Library       │ Vulnerability  │ Severity │    Status    │          Statement          │        Source        │
├─────────────────────┼────────────────┼──────────┼──────────────┼─────────────────────────────┼──────────────────────┤
│ golang.org/x/crypto │ CVE-2024-45337 │ CRITICAL │ not_affected │ vulnerable_code_not_present │ rancher.openvex.json │
│                     ├────────────────┼──────────┤              │                             │                      │
│                     │ CVE-2025-22869 │ HIGH     │              │                             │                      │
└─────────────────────┴────────────────┴──────────┴──────────────┴─────────────────────────────┴──────────────────────┘

Signed-off-by: Vitor Savian <[email protected]>

Fix prints that broke unit tests

Signed-off-by: Vitor Savian <[email protected]>
Signed-off-by: Vitor Savian <[email protected]>
@vitorsavian vitorsavian changed the title [WIP] Update k8s version to 1.33 Update k8s version to 1.33 Apr 29, 2025
@vitorsavian vitorsavian marked this pull request as ready for review April 29, 2025 09:49
@vitorsavian vitorsavian requested a review from a team as a code owner April 29, 2025 09:49
@vitorsavian
Member Author

/trivy

Contributor


Report Summary

┌─────────────────────────────┬──────────┬─────────────────┬─────────┐
│           Target            │   Type   │ Vulnerabilities │ Secrets │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/cni                     │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/containerd-shim-runc-v2 │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/k3s                     │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/runc                    │ gobinary │        0        │    -    │
└─────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.60/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


bin/k3s (gobinary)
==================
Total: 0 (HIGH: 0, CRITICAL: 0)


Suppressed Vulnerabilities (Total: 2)
=====================================
┌─────────────────────┬────────────────┬──────────┬──────────────┬─────────────────────────────┬──────────────────────┐
│       Library       │ Vulnerability  │ Severity │    Status    │          Statement          │        Source        │
├─────────────────────┼────────────────┼──────────┼──────────────┼─────────────────────────────┼──────────────────────┤
│ golang.org/x/crypto │ CVE-2024-45337 │ CRITICAL │ not_affected │ vulnerable_code_not_present │ rancher.openvex.json │
│                     ├────────────────┼──────────┤              │                             │                      │
│                     │ CVE-2025-22869 │ HIGH     │              │                             │                      │
└─────────────────────┴────────────────┴──────────┴──────────────┴─────────────────────────────┴──────────────────────┘

@vitorsavian vitorsavian requested a review from brandond April 29, 2025 10:09
dereknola
dereknola previously approved these changes Apr 29, 2025
@@ -11,9 +11,9 @@ if [ "${DEBUG}" = 1 ]; then
set -x
fi

# Try to keep the K3s binary under 70 megabytes.
# Try to keep the K3s binary under 80 megabytes.
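Review bot: the size comment on the last line of this hunk should state the limit the script actually enforces. Only the comment is visible here, so confirm that the threshold in the check that follows was raised to the same figure, and if the real budget is lower than 80 megabytes, state that value instead so size regressions are still caught.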
Member

75 or 80?

brandond
brandond previously approved these changes Apr 29, 2025
Member

@brandond brandond left a comment

lgtm, one nit on the size comment ;)

Signed-off-by: Vitor Savian <[email protected]>
@dereknola
Member

Various golang.org/x/ dependencies should also be bumped (this is what upstream (remote) is shipping)

[NEW REM] golang.org/x/crypto => golang.org/x/crypto v0.28.0 (remote: v0.36.0)
[NEW REM] golang.org/x/net => golang.org/x/net v0.30.0 (remote: v0.38.0)
[NEW REM] golang.org/x/sys => golang.org/x/sys v0.26.0 (remote: v0.31.0)
[NEW REM] google.golang.org/grpc => google.golang.org/grpc v1.65.0 (remote: v1.68.1)

Signed-off-by: Vitor Savian <[email protected]>
@vitorsavian vitorsavian requested a review from brandond April 29, 2025 20:43
@vitorsavian vitorsavian merged commit dc03cb4 into k3s-io:master Apr 30, 2025
54 checks passed
@vitorsavian vitorsavian deleted the release-1.33 branch April 30, 2025 08:17